CRLF injection vulnerability in MailGates/MailAudit by Openfind enables unauthenticated remote attackers to read system files. Published 2026-04-16; modified 2026-05-19. CVSS 4.0 vector indicates network attack vector with low complexity, no privileges required, and high confidentiality impact. CISA KEV: Not listed.
A critical stack-based buffer overflow vulnerability exists in MailGates/MailAudit, email security products developed by Openfind. The flaw allows unauthenticated remote attackers to hijack program execution flow and execute arbitrary code. The vulnerability was disclosed by Taiwan's Computer Emergency Response Team/Coordination Center (TWCERT/CC) and carries a CVSS 4.0 score of 9.3 (Critical). As of the [truncated]